AirPlay Security Flaws Impact Third-Party Devices and Unpatched Apple Products

0

Researchers at cybersecurity firm Oligo today outlined a series of AirPlay vulnerabilities that impact millions of Apple devices (via Wired) and accessories that connect to Apple devices. While Apple has addressed the flaws in security updates that have come out over the last several months, some third-party devices that support ‌AirPlay‌ remain vulnerable.

Dubbed “Airborne,” the ‌AirPlay‌ vulnerabilities allowed attackers to take control of devices that support ‌AirPlay‌ to spread malware to other devices on any local device that the infected device connects to. An attacker would need to be on the same Wi-Fi network as the intended victim, putting public Wi-Fi spots, businesses, and other high-traffic areas at more risk.

Oligo researchers said that the ‌AirPlay‌ flaws could lead to “sophisticated attacks related to espionage, ransomware, supply-chain attacks, and more.” The vulnerabilities could be used independently or chained together for a “variety of possible attack vectors,” such as Remote Code Execution, user interaction bypass, Denial of Service attacks, Man-in-the-Middle attacks, and more.

Apple worked with Oligo to identify and fix the vulnerabilities. Oligo found 23 separate security flaws, and Apple issued 17 CVEs to address them. Information on each vulnerability is outlined on Oligo’s website. Apple also deployed fixes for its ‌AirPlay‌ SDK for third-party manufacturers.

The same Airborne vulnerabilities also impact CarPlay, which could allow hackers to hijack the automotive computer in a car. This attack vector would require the attacker to be directly in the car and connected to either the car’s Bluetooth or an in-car USB port, which makes it unlikely.

Oligo recommends that users upgrade to the latest versions of iOS, iPadOS, macOS, tvOS, and visionOS, to protect themselves from these vulnerabilities. Other devices that support ‌AirPlay‌ may still be vulnerable, so users should take steps like disabling the ‌AirPlay‌ Receiver feature on Macs and restricting ‌AirPlay‌ to the current user instead of all users.

Oligo CTO Gal Elbaz told Wired that there could be tens of millions of third-party ‌AirPlay‌ devices that are still vulnerable to attack. Because ‌AirPlay‌ is supported in such a wide variety of devices, there are a lot that will take years to patch–or they will never be patched,” he said.

Tag: AirPlay

This article, “AirPlay Security Flaws Impact Third-Party Devices and Unpatched Apple Products” first appeared on MacRumors.com

Discuss this article in our forums

More Stories

OpenAI hits rewind on a ChatGPT feature after users notice strange behavior

0

iPhone production in India expands with two assembly plants from Tata and Foxconn

0

Apple continues leadership changes in two more divisions

0

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

OpenAI hits rewind on a ChatGPT feature after users notice strange behavior

0

iPhone production in India expands with two assembly plants from Tata and Foxconn

0

Apple continues leadership changes in two more divisions

0

Craft adds Readwise integration for working with book notes and highlights [50% off]

0

Dashlane brings confidential computing to passkeys for better business security

0